LiveOverflow posts

What is a Server?

With this video I explain to my ~17 y/o self what a "Server" is. We look at server software and servers in datacenters to understand how the word is used.

Server Griefed and New Beginnings ...

I was bullied and kicked out. So I traveled very very far away to establish a new base. In the process I moved the world from 1.18.2 to 1.19.2, forcing everybody to upgrade their hacks and find the new IP. But can you also find my new base?

I Leaked My IP Address!

How bad is it to leak your IP address? VPN providers want us to believe it is dangerous, but I wanted to share my thoughts on the matter.  

Minecraft:HACKED https://www.youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG
OALabs about VPNs: 2022-10-21 15:56:34 +0000 UTC

WorldGuard Bypass

Telling the story of how code review led to the discovery of a common mistake plugin developers make. It also affects WorldGuard. However, is it really worth fixing?

The Origin of Cross-Site Scripting (XSS) - Hacker Etymology

Why is it called "XSS"? Where does it come from and who influenced this type of website vulnerability?

Full Playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjyakFK7puB3fHVfXMinqMSi

The Age of Universal XSS

In August 1996, Internet Explorer joined the JavaScript security scene after they added JScript. During this era, from around 1996-2000, tons of bugs were found that we would today call "Universal Cross-site Scripting". I find this word confusing, but looking back at the history, we can try to make sense of it.

The End Of Humans In Minecraft

Hackers keep finding my server and ruin everything. Maybe it's time to end it.

Watch full series: https://www.youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG 

Three JavaScript Security Legends

In this video we talk about the first JavaScript vulnerabilities in 1997, and how the field was dominated by three "XSS" legends.

Minecraft Force-OP Exploit!

We investigate how Herobrine got OP on my server and we look back at the network protocol vulnerability I reported in March.

Discover Vulnerabilities in Intel CPUs!

In this video we explore the basic ideas behind CPU vulnerabilities and have a closer look at RIDL.

Code Review vs. Dynamic Testing explained with Minecraft

Maybe you are wondering how people can figure out crazy stuff in Minecraft. Generally there are two techniques: dynamic testing or reading code. So which method is better?

Self-Learning Reverse Engineering in 2022

There exist some awesome tools nowadays to accelerate your self-education for reverse engineering. godbolt and dogbolt are amazing to quickly learn basic assembly and reversing.  

The Same Origin Policy - Hacker History

In 1995 Netscape invented JavaScript (LiveScript) and it marked the start of client-side web security issues. In this video we explore this history and learn about the same origin policy (SOP).

Minecraft Seedcracking

Some players found my server and imprisoned me...

We also talk about various techniques of cracking the seed of my server.

A Deeper Look at Hacking Laws

A deeper look into the German hacking laws to see what kind of actions are illegal. There are some surprising edge cases and lots of room for debates.

Are Resource Packs Safe?

Let's explore how Minecraft can be customized. The knowledge we gain from that is very useful to identify interesting attack surface.

Illegal Minecraft Adventures?

Laws are complicated and internet wide scanning is a bit of a grey area. So I wonder, what is ethical? Did I cross a line? What do you think?

Could I Hack into Google Cloud?

Google announced the Google Cloud Platform (GCP) Prize 2021 - 133.337$ for the best bug bounty report for the Google Cloud Platform. Reading writeups is important to stay up to date and learn about different attacks. In this video I go over the 6 winners and share my thoughts.

Anti-Griefing Squad

I want to show you another Minecraft related project of mine. I tried to scan the whole internet for servers. A project like this is really good practice to gain more coding experience. And the knowledge gained is applicable to other areas, for example if I would ever want to build large scale scanning for bug bounties or similar projects.

Crafting a Minecraft 0day...

In this video I show off my new XRay mod, we go mining, almost die in the Nether and discover a vulnerability in the Minecraft Protocol. Just another normal Minecraft:HACKED episode!

(sorry I forgot to post this yesterday)

Flying Without Elytra

In this episode we start by exploring the basic AFK fishing farm. While building a potato farm we learn about the scientific method and how we can apply it to Minecraft to find a new fishing farm design for 1.19. Unfortunately we are still on 1.18.2, so we have to develop our own autofish mod. From the newly found programming experience we then are able to develop our own fly hack and bypass th...

Exploring Minecraft Client Mods - Minecraft Hacker VS Herobrine

In this episode of Minecraft Hacked we are going to look into client mods and talk about cheating in general.

Minecraft, But It's Reverse Engineered... (Minecraft Servers)

In this episode we learn how Minecraft servers are implemented by looking at PaperMC and tracing the dependencies. Turns out the custom Minecraft servers rely on decompiling the server source code! It's insane what this Minecraft community has created.

Grab the files: https://github.com/LiveOverflow/minec...

I Spent 100 Days Hacking Minecraft

I got addicted to Minecraft, so I decided to hack it. I know this is a weird video for this channel, but it was really fun to combine Minecraft storytelling with technical tutorials. The result is a very unique hacking tutorial that hopefully can reach lots of new people. I hope you enjoy it!

https://gith...

Hacking for 10 Years... (Stripe CTF Speedrun)

Celebrating my 10 years of hacking and my 7 years on YouTube! In 2012 I came across my first hacking CTF. Stripe organized a Capture the Flag competition with 6 levels to learn about different vulnerabilities. This is where it all started for me. In this video I reflect on the challenges from back then.

Missing HTTP Security Headers

In this video we talk about various HTTP headers that can improve or weaken the security of a site. And we discuss how serious they really are.

Finding 0day in Apache APISIX During CTF (CVE-2022-24112)

In this video we perform a code audit of APISIX and discover a default configuration that can be escalated to remote code execution.

CVE-2022-24112: https://seclists.org/oss-sec/2022/q1/133

GitLab:

Crazy JSP Web Shell to Exploit Tomcat - Real World CTF 2022

This was a hard web CTF challenge involving a JSP file upload with very restricted character sets. We had to use the Expression Language (EL) to construct useful primitives and upload an ASCII-only .jar file.

Sudo Exploit for Ubuntu 20.04 LTS | Ep. 17

This is the end. We finally develop a working sudoedit exploit for Ubuntu 20.04.

Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046

After the log4shell (CVE-2021-44228) vulnerability was patched with version 2.15, another CVE was filed. Apparently log4j was still vulnerable in some cases to a denial of service. However it turned out that on some systems, the issue can still lead to a remote code execution. In this video we use the Java fuzzer Jazzer to find a bypass.  

Jazzer Java Fuzzer: 2022-02-01 16:37:40 +0000 UTC